+1 Jeff
> On Mar 15, 2023, at 7:42 AM, Michael André Pearce <[email protected]> > wrote: > > +1 (Binding) > > Mike > > On 2023/03/12 10:27:34 Havret wrote: >> FYI >> >> ---------- Forwarded message --------- >> From: Havret <[email protected]> >> Date: Sun, Mar 12, 2023 at 11:27 AM >> Subject: [VOTE] Release activemq-nms-amqp 2.1.0-rc1 >> To: <[email protected]> >> >> >> Hi all, >> >> I have put together another release of activemq-nms-amqp. Please review it >> and vote accordingly. >> >> This release includes an important new feature that allows users to specify >> an allow/deny list of types for binary serialization. This can help prevent >> potential security vulnerabilities. >> >> The feature is implemented in the same way as in qpid-jms, using a >> deserialization policy that controls which types can be trusted for >> deserialization from an incoming NMS IObjectMessage containing serialized >> .NET Object content. By default, all types are trusted during >> deserialization. However, the default Deserialization Policy object >> provides URI options for specifying an allow list and a deny list of .NET >> classes or namespaces. >> >> The following options are available: >> >> - nms.deserializationPolicy.allowList: A comma-separated list of >> classes/namespaces that are allowed during deserialization, unless they are >> overridden by the deny list. Names in this list are not pattern values; the >> exact class or namespace name must be configured (e.g. >> "System.Collections.Queue" or "System.Collections"). Namespace matches >> include sub-namespaces. The default is to allow all. >> - nms.deserializationPolicy.denyList: A comma-separated list of >> classes/namespaces that are rejected during deserialization. Names in this >> list are not pattern values; the exact class or namespace name must be >> configured (e.g. "System.Collections.Queue" or "System.Collections"). >> Namespace matches include sub-namespaces. The default is to reject none. >> >> This release contains the following change: >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311201&version=12353001 >> >> The files can be grabbed from: >> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/2.1.0-rc1/ >> >> Regards, >> Chris >> >> Here's mine +1 (binding) >>
